Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp83460ybi; Thu, 20 Jun 2019 18:21:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqzajpQV62e1uoEzSXmOp3CmgjrNV1AKoLL0oUf9MVRN4Xvv6qHG42dzvMVlQ7zgcmeXbW45 X-Received: by 2002:a63:2cc4:: with SMTP id s187mr9909671pgs.36.1561080061983; Thu, 20 Jun 2019 18:21:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561080061; cv=none; d=google.com; s=arc-20160816; b=CsazWobvhdJeVAgYAha53bNAK0Xyb89+Dbd/z7ZrU9TArzb93I66plhQ6ZfNKR5XPE 1St7Fb53lAqhR3y8RoOFlHcfYCfSs77OO2JHsndkf2U1H4KIhJ5lEgt+vKHowrQG37Ly 8V0fmbV8zfMHlhAs4H/fGTlcKVMq8wggNl54BGnU+pb8l6frtgQbBvY+bg1XEFv0BEwO JYUu3H85dtazsOhdGxPjT+TxFly0yhqgRO60qL6gLZ4RDs5ebMLJo7FBeMux8MOWXcsg obwkUCLipKdnGiJH5Z9ACZ36AoRdPCLmWEYJs4dh1p4/rGseepwqbTN1Y95PT88fsKap 2s6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=t/mH/2CAOnOWxHMVmIaOFtnDHIg0vKk910CbpA/m5hE=; b=hwqlBixFd3cRRp4/2M9g7WSn2S58pvFgXX0lY2sUppyKwOfaYCupce8H7HlHwhPurE oQhyjWgySpgCUKzvzjw68dC2pX201qTeuCgnDRGdFhDhMk3kvdCB6iwsZx6C4nipUm6f 8SZnwIL8RYJSRd91hIod4al4LE4DZiu5ndwrvPdvl6J7ebw9t9N778G5EJokUN86AYXq MjDnHIpXeBNJi8yKx8mqu0SWbBGbffTSt/mDQANH+9j5L+/bfg7o3E9VC5W13KWbGYVj Bupd4JMhDyPt9fTlgH+vm6EltZEtP9gumbuITkEhxnQIPElShO479E3sVh/3MtvSH87F Ai/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ZrJDgzp2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v12si1097371pgq.423.2019.06.20.18.20.46; Thu, 20 Jun 2019 18:21:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ZrJDgzp2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726551AbfFUBUO (ORCPT + 99 others); Thu, 20 Jun 2019 21:20:14 -0400 Received: from mail-pl1-f202.google.com ([209.85.214.202]:36240 "EHLO mail-pl1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726534AbfFUBUL (ORCPT ); Thu, 20 Jun 2019 21:20:11 -0400 Received: by mail-pl1-f202.google.com with SMTP id a5so2684626pla.3 for ; Thu, 20 Jun 2019 18:20:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=t/mH/2CAOnOWxHMVmIaOFtnDHIg0vKk910CbpA/m5hE=; b=ZrJDgzp2uG5EFeE4+0LjPFkV0TGUObRy4jaKbEQsMbGFlQmn6fopYXvd1LW8FCJjlf xqMgiWJHsarOqLc2NOHcvP5PUfYuofixZBCz9FuBma8aOFOF4vuTt5CRSL4fLm8BVxyR rAxZYQJ3kH92QKEWj+SInFl8VP1HMViB/TXI+hKbeI+s34xQyFt73DCMooaFgNRJb+Lg NWivhN7v4xaXLLeTEDkh1u5hYzRNZ3BTfnX1d1KRKBiqnCtA4L7i1elgetxINyuQwZNQ b8WeC3kT/TTr+6Tac8XSU9ovBR5flmyV+hwqTZ70a5EHt5+aTJNkpBM/Kf4eEWFGAw6t 3B/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=t/mH/2CAOnOWxHMVmIaOFtnDHIg0vKk910CbpA/m5hE=; b=h6+/OQz71PRZhR5KJLWjOjaChr1E0smQcSI+7kPmRyQShZr3Mtys5aSyW7GjWFbQOS /i9Ih4UlxxSeGcEjx3mprVkXOoVMePLvDxTgaFLpgb6ORbXg6RPZkOcWnqQ+4TrlFAsu mnfrLNvuy8UPiWQMVV0KJ5Jlp2OUulrbfvreEMLoRM0VY3fMn8MU9/eRgyqRBF5aXh5g 4xs/8dNrs7zehxml3W1ikbHUR+l0ja36IVvWu07ulKI03OS/JySn5Vm7z8Ku9ydmirVg KQ5JHuJTmXK1c1tROYlBILWXwmr+22P9CrKrrS9riVRHPiTSlaP/cgZlv/FyKyUPADsV PVzg== X-Gm-Message-State: APjAAAVscWdQ9detyrGE9qChmcfccQsd0vmrniUBDSVEAVItoVppQJG3 Xh20yqTmIkyLgbxAxLOecccuhUCgnG/HgJkgw8kbsw== X-Received: by 2002:a63:f4e:: with SMTP id 14mr15526503pgp.58.1561080010211; Thu, 20 Jun 2019 18:20:10 -0700 (PDT) Date: Thu, 20 Jun 2019 18:19:20 -0700 In-Reply-To: <20190621011941.186255-1-matthewgarrett@google.com> Message-Id: <20190621011941.186255-10-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190621011941.186255-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH V33 09/30] kexec_file: Restrict at runtime if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Jiri Bohac , David Howells , Matthew Garrett , kexec@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiri Bohac When KEXEC_SIG is not enabled, kernel should not load images through kexec_file systemcall if the kernel is locked down. [Modified by David Howells to fit with modifications to the previous patch and to return -EPERM if the kernel is locked down for consistency with other lockdowns. Modified by Matthew Garrett to remove the IMA integration, which will be replaced by integrating with the IMA architecture policy patches.] Signed-off-by: Jiri Bohac Signed-off-by: David Howells Signed-off-by: Matthew Garrett Reviewed-by: Jiri Bohac cc: kexec@lists.infradead.org --- kernel/kexec_file.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 67f3a866eabe..455f4fc794f3 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -239,6 +239,12 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, } ret = 0; + + if (security_is_locked_down(LOCKDOWN_KEXEC)) { + ret = -EPERM; + goto out; + } + break; /* All other errors are fatal, including nomem, unparseable -- 2.22.0.410.gd8fdbe21b5-goog